USE [ERP]
GO

/****** Object:  StoredProcedure [dbo].[SP_CHECK_USER_CREDENTIALS]    Script Date: 11/17/2009 15:15:09 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

-- =============================================
-- Author:		<Author,,Name>
-- Create date: <Create Date,,>
-- Description:	<Description,,>
-- =============================================
CREATE PROCEDURE [dbo].[SP_CHECK_USER_CREDENTIALS]
	-- Add the parameters for the stored procedure here
	@USERNAME nvarchar(50),
	@PASSWORD nvarchar(50),
	@MODULE_ID nvarchar(50)
AS
BEGIN
	-- SET NOCOUNT ON added to prevent extra result sets from
	-- interfering with SELECT statements.
	SET NOCOUNT ON;

    -- Insert statements for procedure here
	SELECT	DISTINCT('true')
	FROM	RolePermissions INNER JOIN
				UserRoles ON RolePermissions.RoleID = UserRoles.RoleID INNER JOIN
				Users ON UserRoles.UserID = Users.ID
	WHERE	Users.Username = @USERNAME 
			AND Users.Password = @Password 
			AND Users.Status = 1 --Active user
			AND RolePermissions.ModuleID = @MODULE_ID	
			--user should at least has view permission
			AND RolePermissions.AllowView = 1		
END

GO

